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DETAILED ACTION 

Response to Remarks/Arguments 

1 . Applicant's arguments with respect to the rejection of pending claims have been 
fully considered but they are not persuasive. 



1 .1 In response to Applicant argument that the Shanklin et al. (U.S. Patent No. 
6,578,147 B1) (herein as "Shanklin") reference does not teach or suggest any of the 
limitations of claim 1 including: 

• providing ... so that utilization of each network intrusion detection system 
can be based on demand for said network intrusion detection systems in 
said dynamic data center; 

• receiving a monitoring policy and a plurality of monitoring points to be 
monitored on a network with any of said network intrusion detection 
systems; and 

• and automatically arranging the monitoring of said monitoring points using 
said network intrusion detection systems and said monitoring policy. 



Regarding the first limitation, the Examiner directs the Applicant to column 2 lines 
48-50 which recites "multiple intrusion detection sensors are used at the entry 
point to the network, specifically, at an 'internetworking device' such as a router 
or a switch" and column 2 lines 54-58 which recites "internetworking device, 
whether a router or switch, is processor-based and includes load balancing 
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programming, which controls how packets are distributed from the 
internetworking device to the sensors for processing." 

Regarding the second limitation, the Examiner directs the Applicant to column 2 
lines 1-13 in which Shanklin et al. discloses the claimed "monitoring policy" as 
being inclusive to the IDS sensors, which comprise: "packet load to the sensors 
that is 'load balanced', such that said packets are distributed at least at a 
session-based level [or] packet-based level ... the results of the detection 
performed by the sensors and the network analyzer are used to determine if 
there is an attempt to gain unauthorized access to the network." 

Regarding the third limitation, the directs the Applicant to column 5 lines 19-20 in 
which Shanklin et al. again discloses the "monitoring points" as being inclusive to 
the IDS sensors, which comprise "load balancing unit, which distributes packet 
among the sensors," which can be "session-based (column 5 line 22)" or 
"network-based (column 5 line 58)." 

1 .2 The Examiner further maintains that the claimed "dynamic data center" is indeed 
disclosed by the reference of record, pointing to the definition of what the claimed 
"dynamic data center" is described as in the Specification, submitted during the filing of 
this (on 07/25/2003). In the Specification the Applicant describes the "dynamic data 
center" as having "a controller 10, a graphical user interface (GUI) 20, a database 30, a 



Application/Control Number: 10/627,017 Page 4 

Art Unit: 2136 

plurality of internal networks 40, and a communication link 80 to communicate with 
external networks (e.g., the Internet)." The Examiner submits that the Figures 1-6 of 
Shanklin provides a disclosure of the claimed "dynamic data center." Specifically the 
claimed "controller" is equated to the disclosed "switching control" within the Session 
Load Balancer (see Figure 4). The claimed "graphical user interface" is equated to the 
inherent graphical user interface of the IDS manager station (see Figure 1 and column 3 
lines 55-58). The claimed "database" is equated to the database within the server which 
is a gateway to network resources (see Figure 2 and column 3 lines 51-54). The 
claimed "plurality of internal networks" is equated to the local networks of column 6 lines 
57-55. The claimed "communication link" is equated to the disclosed link to the 
"External Network" of Figures 1-3. Therefore the Examiner understands the Shanklin 
reference to disclose the claimed "dynamic data center" as defined, thus the rejections 
of claims 1-20 are maintained. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 
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Claims 1-20 are rejected under 35 U.S.C. 1 02(e) as being disclosed by Shanklin 
etal. (U.S. Patent No. 6,578,147 B1). 

Regarding claims 1 , 8 and 15 , Shanklin et al. , discloses a method, system and a 
computer readable medium comprising computer-executable instructions stored 
therein for managing utilization of network intrusion detection systems in a 
dynamic data center, said method comprising: providing a plurality of network 
intrusion detection systems, each being networked so that utilization of each 
network intrusion detection system can be based on demand for said network 
intrusion detection systems in said dynamic data center (column 2 lines 48-50 - 
"Multiple intrusion detection sensors are used at the entry point to the network, 
specifically, at an 'internetworking device' such as a router or a switch" and 
column 2 lines 54-58 - "Internetworking device, whether a router or switch, is 
processor-based and includes load balancing programming, which controls how 
packets are distributed from the internetworking device to the sensors for 
processing"); receiving a monitoring policy and a plurality of monitoring points to 
be monitored on a network with any of said network intrusion detection systems 
(column 2 lines 1-13 - Shanklin et al. discloses the claimed "monitoring policy" as 
being inclusive to the IDS sensors, which comprise: "packet load to the sensors 
that is 'load balanced', such that said packets are distributed at least at a 
session-based level [or] packet-based level ... the results of the detection 
performed by the sensors and the network analyzer are used to determine if 
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there is an attempt to gain unauthorized access to the network"); and 
automatically arranging the monitoring of said monitoring points using said 
network intrusion detection systems and said monitoring policy (column 5 lines 
19-20 - Shanklin et al. again discloses the "monitoring points" as being inclusive 
to the IDS sensors, which comprise "load balancing unit, which distributes packet 
among the sensors," which can be "session-based (column 5 line 22)" or 
"network-based (column 5 line 58)"). 

Shanklin et al. recites intrusion detection sensors which "autonomously 
comprise the entire intrusion detection system (column 3 lines 58-62). 
Therefore, the Examiner understands the disclosed "multiple intrusion 
detection sensors" to comprise the function of claimed plurality of network 
intrusion detection system, monitoring points and monitoring policy. Thus 
the disclosure of Shanklin etal. highlights the various elements and 
components of the disclosed "multiple intrusion detection sensors are 
used at the entry point to the network, specifically, at an 'internetworking 
device' such as a router or a switch." 

Regarding claims 2, 9 and 16 , Shanklin et al. , discloses a method, system and a 
computer readable medium comprising computer-executable instructions stored 
therein for automatically arranging the monitoring of said monitoring points 
includes: automatically configuring a plurality of network resources to provide 
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network communication data from said monitoring points to a plurality of 
available network intrusion detection systems from said network intrusion 
detection systems (column 3 lines 59-65 - "[sensors] might forward alarms to 
station 10c, which may then alert the sytem manager or automatically take 
action"); and automatically configuring said available network intrusion detection 
systems to receive said network communication data based on said monitoring 
policy (column 2 lines 1-7 - "packet load to the sensors that is 'load balanced', 
such that said packets are distributed at least at a session-based level [or] 
packet-based level ... the results of the detection performed by the sensors and 
the network analyzer are used to determine if there is an attempt to gain 
unauthorized access to the network). 

Regarding claim 3 , Shanklin et al. , discloses a method, system and a computer 
readable medium comprising computer-executable instructions stored therein for 
automatically arranging the monitoring of said monitoring points further includes: 
automatically increasing a number of particular network intrusion detection 
systems receiving said network communication data from a particular monitoring 
point by selecting additional available network intrusion detection systems if said 
network communication data exceeds a capacity of said particular network 
intrusion detection systems (column 2 lines 1-18 and column 3 lines 57-65 - the 
claimed automatically increasing IDS systems is found in the disclosure of the 
"solution provided by the invention [being] easily scalable" in size from large 
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scale to small scale). 

Regarding claims 4, 11 and 18 , Shanklin et al. , a method, system and a 
computer readable medium comprising computer-executable instructions stored 
therein for automatically arranging the monitoring of said monitoring points 
further includes: automatically decreasing a number of particular network 
intrusion detection systems receiving said network communication data from a 
particular monitoring point by releasing any of said particular network intrusion 
detection systems to said available network intrusion detection systems if said 
network communication data is below a predetermined threshold of a capacity of 
said particular network intrusion detection systems (column 2 lines 1-18 and 
column 3 lines 57-65 - the claimed automatically decreasing IDS systems is 
found in the disclosure of the "solution provided by the invention [being] easily 
scalable" in size from large scale to small scale 

Regarding claims 5, 12 and 19 , Shanklin et al. , discloses a method, system and 
a computer readable medium comprising computer-executable instructions 
stored therein for which resources include one of a firewall, a gateway system, a 
network switch, and a network router (columnl lines 19-28 or column 3 lines 23- 
29). 

Regarding claims 6 and 13 , Shanklin et al. , discloses a method, system and a 
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computer readable medium comprising computer-executable instructions stored 
therein for receiving a monitoring policy and a plurality of monitoring points to be 
monitored includes: providing a graphical user interface to receive said 
monitoring policy and said plurality of monitoring points to be monitored (column 
3 lines 54-57 - "user interface"). 

Regarding claims 7, 14, 20 , Shanklin et al. , discloses a method, system and a 
computer readable medium comprising computer-executable instructions stored 
therein for which dynamic data center is a utility data center (column 1 lines 19- 
26). 

Conclusion 

3. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CHINWENDU C. OKORONKWO whose telephone 
number is (571 )272-2662. The examiner can normally be reached on MWF 2:30 - 6:00, 
TR 9:00-3:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272 4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/C. C. O.l 

Examiner, Art Unit 2136 

/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 



